evectl 0.1.0-alpha.8

EveCtl with Suricata and EveBox
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

// SPDX-FileCopyrightText: (C) 2025 Jason Ish <jason@codemonkey.net>
// SPDX-License-Identifier: MIT

use std::path::Path;

// No prelude as this is exported in the library and the prelude isn't
// for now.
use anyhow::Result;
use tracing::info;

pub const AF_PACKET_STUB: &str = "
%YAML 1.1
---

# Do not edit, automatically generated on every restart.

default-packet-size: 65549

af-packet:
  - interface: default
    threads: auto
    cluster-id: 131
    cluster-type: cluster_flow
    defrag: yes
    use-mmap: yes
    tpacket-v3: yes
    block-size: 2097152
";

pub fn write_af_packet_stub(path: &Path) -> Result<()> {
    info!("Writing af-packet partial to {}", path.display());
    std::fs::write(path, AF_PACKET_STUB)?;
    Ok(())
}